CVE-2025-7430 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, found in Zohocorp's ManageEngine Exchange Reporter Plus product, specifically in versions 5723 and earlier. The vulnerability arises from improper neutralization of input during web page generation within the Folder Message Count and Size report module. This flaw allows an attacker with low-level privileges to inject malicious JavaScript code that is stored on the server and later executed in the context of other users' browsers when they view the affected report. The CVSS v3.1 base score is 7.3, reflecting a high severity due to the vulnerability's network attack vector, low attack complexity, requirement for privileges and user interaction, and significant impact on confidentiality and integrity. The vulnerability does not affect availability. No patches are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability could be exploited to steal sensitive information, hijack user sessions, or perform actions on behalf of authenticated users, potentially compromising organizational security. The flaw highlights the need for proper input validation and output encoding in web applications, especially those handling sensitive reporting data.

The primary impact of CVE-2025-7430 is on the confidentiality and integrity of data within organizations using ManageEngine Exchange Reporter Plus. Successful exploitation can lead to theft of sensitive information such as authentication tokens, user credentials, or confidential report data. Attackers may also perform unauthorized actions by leveraging the victim's session, potentially escalating privileges or modifying data. Although availability is not directly impacted, the breach of confidentiality and integrity can result in significant operational disruptions, regulatory non-compliance, and reputational damage. Organizations in sectors heavily reliant on email infrastructure monitoring and reporting, such as finance, healthcare, government, and large enterprises, face elevated risks. The requirement for low privileges and user interaction lowers the barrier for exploitation, increasing the threat landscape. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future attacks once exploit code becomes available.

Organizations should immediately assess their ManageEngine Exchange Reporter Plus deployments to identify affected versions (5723 and below). Until official patches are released, implement strict input validation and output encoding on all user-supplied data within the Folder Message Count and Size report feature to prevent script injection. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Limit user privileges to the minimum necessary to reduce the risk of exploitation. Monitor logs and user activity for unusual behavior indicative of XSS exploitation attempts. Educate users about the risks of interacting with suspicious reports or links. Once patches are available, prioritize timely deployment to fully remediate the vulnerability. Additionally, consider isolating the reporting system from critical networks and enforcing multi-factor authentication to reduce the impact of potential session hijacking.